Security Directory

W

Wernigerode am Harz

wernigerode-tourismus.de

58

The website www.wernigerode-tourismus.de serves as a regional tourism portal for Wernigerode am Harz, Germany, providing information about local attractions such as Fachwerkhäuser, the Rathaus, the Schmalspurbahn, and the Brocken in the Nationalpark. The site targets tourists and visitors interested in exploring the Harz region. Technically, the site is built on TYPO3 CMS, a robust and professional content management system, and uses modern web technologies including CSS and JavaScript with Mapbox for mapping features. The hosting is provided by SchlundTech, a reputable hosting provider. Security posture is moderate; HTTPS is assumed but no explicit security headers or advanced security policies were detected. Privacy compliance is low due to the absence of privacy and cookie policies. No contact information or incident response details are present, limiting direct communication channels. Overall, the site is functional and professionally designed but would benefit from enhanced security and privacy compliance measures.

L

Lichterwelt Magdeburg – Eröffnung am 20. November 2025

lichterwelt-magdeburg.de

43

The website www.lichterwelt-magdeburg.de serves as the official online presence for the Lichterwelt Magdeburg, a large-scale public Christmas and winter lighting event in Magdeburg, Germany. The event features over a million LEDs illuminating the city with artistic light installations, free to the public from November 20, 2025, to February 2, 2026. The site targets local residents and tourists interested in cultural and festive events, providing event details, highlights, maps, and social media links. The business model focuses on event promotion and enhancing regional tourism appeal. Technically, the website is built on TYPO3 CMS, employing modern web standards including responsive design, optimized images, and JavaScript-based interactive elements such as countdown timers and image galleries. It integrates Matomo Analytics and Facebook Pixel for visitor tracking, alongside a GDPR-compliant cookie consent mechanism powered by Klaro. The site demonstrates good mobile optimization and SEO practices but lacks explicit security headers and detailed security or incident response policies. From a security perspective, the site uses HTTPS and implements cookie consent, indicating awareness of privacy regulations. However, no explicit security policies, incident response contacts, or vulnerability disclosure mechanisms are present. No forms collecting personal data were detected, reducing immediate data protection risks. The WHOIS data shows a legitimate domain setup with UI-DNS name servers and no privacy protection masking, consistent with the event's public nature. Overall, the website is professionally designed and trustworthy, with moderate technical sophistication and good privacy compliance. The absence of contact emails or phone numbers is a minor limitation for direct communication. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and providing clearer contact information to improve trust and compliance.

C

Collectivité européenne d'Alsace

bas-rhin.fr

68

The Collectivité européenne d'Alsace (CeA) is a regional government entity serving the Alsace region in France. The website provides comprehensive information about public services, social aid, cultural events, transport, environment, and citizen engagement initiatives. It targets residents, professionals, and associations within the region, positioning itself as the authoritative source for regional governance and services. The business model is governmental, focusing on public administration and community support. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, with integration of FontAwesome icons and the OreJime library for cookie consent management. Matomo analytics is used for user tracking, indicating a moderate level of digital maturity. The site is mobile-optimized and accessible, with good SEO practices and structured data enhancing search engine visibility. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks visible security headers such as Content-Security-Policy or X-Frame-Options, which could be improved. No vulnerabilities or exposed sensitive data were detected. The WHOIS data is privacy protected, which is typical for government domains, and no suspicious patterns were found. Overall, the security posture is solid but could benefit from additional header configurations and a published security policy. The overall risk assessment is low, with a trustworthy and professional web presence that aligns with the organization's public service mission. Strategic recommendations include enhancing security headers, publishing a security policy or incident response contact, and adding a vulnerability disclosure mechanism to further strengthen trust and compliance.

I

Irriverso

irriverso.com

47

Irriverso operates a digital platform focused on irrigation data management, as evidenced by the login portal branded with irrigation-dataserver.com logos. The platform uses Auth0 for secure user authentication, indicating a modern approach to identity management. The site is targeted at users requiring access to irrigation-related data services, likely professionals in agriculture or irrigation system management. The business model appears to be subscription or account-based access to digital irrigation data services. Technically, the site employs React components and CSS variables, leveraging Auth0's Universal Login Page framework. The login page is functional and accessible, with good mobile optimization and accessibility features. However, SEO optimization is minimal, and no privacy or cookie policies are present, which limits compliance and user trust. No contact or incident response information is provided, which is a gap in transparency. Security-wise, the use of Auth0 provides a strong authentication foundation, including password visibility toggles and ARIA-compliant form validation. However, the absence of visible security headers and privacy policies reduces the overall security posture. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the site is functional and secure for authentication purposes but lacks comprehensive privacy, compliance, and business transparency features. Enhancements in policy disclosures, contact information, and SEO would improve trust and compliance.

D

DAF Used Trucks

dafusedtrucks.com

74

DAF Used Trucks operates as a professional platform offering used trucks with a focus on quality, expert service, and a one-year guarantee. The website targets businesses and fleet operators seeking reliable used vehicles. The platform is well-designed, mobile-optimized, and provides advanced filtering options to assist customers in finding suitable trucks. Technically, the site leverages modern frameworks such as Next.js and React, hosted on Sitecore Cloud infrastructure, and integrates privacy compliance tools like OneTrust and analytics via Google Tag Manager and Google Analytics. Security posture is strong with HTTPS enforcement and standard security headers, though explicit security policies and incident response contacts are not published. The WHOIS data is missing or inaccessible, which raises some concerns about domain registration legitimacy despite the professional appearance and branding consistency of the website.

S

Squarewebsites

squarewebsites.org

62

Squarewebsites is a small technology business specializing in providing plugins and Chrome extensions tailored for Squarespace website designers and users. Their offerings focus on enhancing Squarespace sites with easy-to-install tools and expert support, positioning them as a niche provider in the Squarespace ecosystem. The website is professionally designed and hosted on the Squarespace platform, leveraging modern web technologies and third-party tools such as Visual Website Optimizer for analytics and optimization. Security posture is strong with HTTPS and HSTS enabled, though explicit privacy and terms policies are absent, which could be improved for compliance and trust. The domain WHOIS data is unavailable, likely due to privacy protection, which is common for small businesses but slightly reduces trustworthiness from a domain registration perspective. Overall, the business presents a credible and professional front with clear contact information and active social media presence.

P

PROBO-NB s.r.o.

probo-nb.cz

53

PROBO-NB s.r.o. operates a specialized e-commerce website focused on providing firefighting and safety equipment primarily to active firefighters and related professionals. The company positions itself as a niche supplier with a broad product range including protective clothing, firefighting tools, and technical devices. The website is professionally designed, mobile-optimized, and offers clear navigation and product information, supporting a positive user experience. Technically, the site leverages a custom e-commerce platform (BSSHOP), integrates Google Analytics and Tag Manager for tracking, and uses modern web technologies including JavaScript and jQuery. Security posture is solid with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response policies are not evident. The absence of WHOIS data limits domain trust verification, but the presence of clear contact information and privacy policies supports business credibility. Overall, the site is functional, secure, and compliant with GDPR, serving a well-defined market segment effectively.

A

AutoEder s.r.o.

autoeder.cz

54

AutoEder s.r.o. operates as a reputable automotive dealership specializing in Toyota and Lexus vehicles, offering new and used cars, authorized servicing, financing, leasing, and additional automotive services primarily in the Czech Republic. The company maintains a strong market position with a professional online presence, targeting car buyers and owners seeking premium automotive brands. The website demonstrates a mature digital infrastructure built on WordPress, integrating modern analytics and marketing tools such as Google Analytics, Facebook Pixel, and TikTok Pixel, alongside comprehensive cookie consent management to ensure GDPR compliance. Security measures include HTTPS enforcement, reCAPTCHA on forms, and security headers, contributing to a robust security posture. However, the absence of publicly available WHOIS data and a formal security policy page limits full trust verification. Overall, the site is well-designed, user-friendly, and compliant with privacy regulations, supporting the company's credibility and customer engagement.

H

Holík International, s.r.o.

holik-international.cz

48

Holík International, s.r.o. is a Czech-based manufacturer specializing in protective equipment for firefighters, rescue workers, and defense personnel. Their product portfolio includes firefighting boots, gloves, and specialized defense gloves designed for police and military use. The company positions itself as a trusted regional supplier with a focus on innovation and collaboration with end users such as firefighters. Technically, the website is built with modern web technologies including JavaScript, CSS, and uses Google Analytics for tracking. It is mobile-optimized and provides a good user experience with clear navigation and professional design. Security-wise, the site enforces HTTPS and includes cookie consent mechanisms but lacks advanced security headers and explicit security policies. The absence of WHOIS data reduces domain trust slightly, but the overall business credibility remains high based on available company information and social media presence. Strategic recommendations include enhancing security headers, publishing incident response contacts, and improving privacy compliance documentation.

2

2M-IT Oy

hyvis.fi

56

Hyvis.fi is a Finnish regional health and wellbeing portal providing expert-reviewed information, health testing, monitoring, and access to social and health services. The website is operated by 2M-IT Oy and targets the general public seeking reliable health information and regional service access. The site uses a modern Angular 18 framework and presents a clean, professional design optimized for mobile devices. However, it lacks visible privacy and cookie policies, contact emails, and phone numbers, which impacts user trust and compliance. Security headers and incident response information are also absent, indicating room for improvement in security posture. Overall, the site is functional and informative but would benefit from enhanced compliance and security measures.

P

plehn media

website-tracking.com

54

Website Tracking is a specialized service provider focused on delivering GDPR-compliant website analytics and tracking solutions, primarily targeting website operators and marketers in Germany and Europe. The company emphasizes privacy, data protection, and compliance with EU regulations, offering services such as Matomo hosting and TYPO3 plugins. The website is built on TYPO3 CMS and integrates Matomo analytics with cookie-less tracking to enhance user privacy. The technical infrastructure is modern and well-implemented, with ISO 27001 certification and data storage exclusively in Germany, reinforcing trust and compliance. Security posture is solid, though improvements in security headers and incident response transparency are recommended. The absence of WHOIS registration data reduces domain trustworthiness, suggesting the need for verification of domain legitimacy. Overall, the website is professional, well-designed, and trustworthy, with a strong focus on privacy and compliance.

E

ETIX

etix.com

61

Etix.com operates as a globally recognized online ticketing platform specializing in the sale of tickets for live music, concerts, sports, fairs, festivals, theater, and arts events. The website provides a comprehensive event listing service, including gift cards, memberships, and season packages, targeting a broad audience of event attendees. The business has a long-standing presence since 1997, supported by a mature domain registration and consistent branding. Technically, the site employs a modern single-page application architecture with JavaScript and JSON-LD structured data to enhance SEO and user experience. Hosting is supported by Amazon AWS infrastructure, and the site uses HTTPS to secure communications.

P

Proemion

proemion.com

57

Proemion is a specialized technology company focused on telematics solutions for mobile machines and industrial assets. Their offerings include hardware gateways, cloud platforms, and analytics tools designed to provide real-time monitoring and predictive insights for OEMs, dealers, and equipment owners. The company positions itself as a trusted partner in the industrial telematics market with a strong international presence supported by multilingual website content and professional branding. Technically, the website is built on the Neos CMS platform using modern PHP frameworks and integrates multiple analytics and marketing tools with a strong emphasis on privacy compliance through Usercentrics consent management. Security posture is solid with HTTPS and strict Content-Security-Policy headers, though additional headers could enhance protection. The absence of WHOIS registration data is a notable anomaly that requires further verification to confirm domain legitimacy. Overall, Proemion demonstrates a mature digital presence with good security and privacy practices, serving a B2B industrial technology market.

The analyzed content corresponds to a Chrome internal error page (chrome-error://chromewebdata/) rather than an actual public website. This page is generated locally by the Chrome browser to indicate an error or offline status and includes the offline dinosaur game code. There is no business-related content, metadata, or contact information available. The page lacks privacy, cookie, and terms of service policies, and no external links or social media references are present. The technical infrastructure is limited to client-side JavaScript for the game, with no server-side or hosting information. Security posture is minimal due to the nature of the page being a local error display, with no HTTPS or security headers applicable. Overall, this is not a public-facing website and cannot be assessed for business or security credibility.

U

UTILO KG

utilo.eu

47

UTILO KG, led by DI Christian Osterrieder-Schlick, is a specialized web development and software consultancy firm based in Salzburg, Austria. With over 20 years of experience, the company offers bespoke web applications, custom software solutions, and certified expert witness services for IT projects. The website showcases a professional portfolio with detailed client projects, emphasizing long-term collaborations with notable clients such as SPAR, Brantner Gruppe, and Salzburg AG. The business model focuses on delivering tailored digital solutions and expert legal consulting in IT, targeting businesses and organizations requiring high-quality, technically sound web and software services. Technically, the website employs modern web standards including HTML5, CSS3, JavaScript, and frameworks like Bootstrap and Grails. It integrates CMS Joomla for content management and uses Docker microservices for some client projects. Hosting is provided by IONOS SE, a reputable registrar and hosting provider. The site is mobile-optimized, accessible, and SEO-friendly, with minimal user tracking via UMAMI Analytics, reflecting a moderate digital maturity. From a security perspective, the site uses HTTPS with good SSL configuration but lacks explicit security headers and publicly available security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is limited due to the absence of privacy and cookie policies or consent mechanisms, representing an area for improvement. The business credibility is high, supported by clear contact information, professional content, and trust indicators such as certifications and client references. Overall, UTILO KG presents a trustworthy and professional digital presence with strong business credibility and technical implementation. To enhance security posture and compliance, the company should implement security headers, publish privacy and cookie policies, and establish a vulnerability disclosure or incident response channel.

Winamax operates a professional online sports betting platform targeting the German market, offering a wide range of sports and leagues for betting, including live betting and VIP programs. The website is well-branded, consistent, and provides a good user experience with modern technical infrastructure including React and jQuery, hosted on AWS. Security posture is strong with HTTPS and implied security headers, though explicit privacy and terms of service documents were not found in the provided content. The platform uses cookie consent mechanisms and tracking tools such as Google Analytics and Facebook Pixel, indicating moderate user tracking. Overall, the site is legitimate and trustworthy, catering to adult users interested in sports betting.

T

Transtech

transtech.pt

33

Transtech is a Portuguese technology-focused company specializing in qualification, digitalization, innovation, and technological development projects. The website presents a professional and consistent brand image targeting businesses interested in technological innovation and digital transformation. The technical infrastructure uses modern front-end technologies such as Google Fonts, FontAwesome, and popular JavaScript libraries for UI components, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enabled but lacks advanced security headers and incident response information, which are recommended for improvement. Privacy compliance is minimal, with no visible privacy or cookie policies, which could expose the company to regulatory risks. Overall, the website is functional and professional but would benefit from enhanced security and privacy practices to improve trust and compliance.

W

Württembergische Landesbibliothek

wlb-stuttgart.blog

57

The Württembergische Landesbibliothek operates a blog website focused on sharing knowledge, cultural events, and academic lectures related to the library and its services. The site targets a general audience interested in cultural and educational content, primarily in the German language. The institution holds a regional government position in Stuttgart, Germany, providing public access to information and cultural resources. The website content dates back to 2020, indicating an established digital presence. Technically, the website is built on WordPress CMS, utilizing the Yoast SEO plugin for search engine optimization and jQuery for client-side scripting. The site demonstrates good mobile optimization and a moderate performance profile. SEO practices are well implemented with proper meta tags and structured data using JSON-LD schema.org vocabulary. However, accessibility features are basic, and no advanced performance or hosting details are evident. From a security perspective, the site uses HTTPS as implied by canonical URLs, but no explicit security headers were detected in the provided data. There is no visible cookie consent mechanism, which is a GDPR compliance gap. No forms or user data collection points were found on the homepage, reducing attack surface. The absence of WHOIS data reduces domain trustworthiness, but the presence of official contact information and consistent branding supports legitimacy. Overall, the website presents a low-risk profile with good content quality and business credibility. Strategic improvements include implementing security headers, adding cookie consent for privacy compliance, and publishing security policies to enhance trust and compliance posture.

W

WeselMarketing GmbH

weselmarketing.de

69

WeselMarketing GmbH operates the official tourism and city marketing website for the city of Wesel, Germany. The website provides comprehensive information about cultural attractions, natural sites, events, travel planning, and local services aimed at tourists, visitors, and residents. The business is positioned as a key promoter of Wesel's tourism sector, leveraging digital channels to enhance visitor engagement and city branding. The site is well-structured, professionally designed, and offers multilingual support, reflecting a mature digital presence. Technically, the website is built on the Drupal CMS platform, utilizing modern web technologies including JavaScript libraries and Google Tag Manager for analytics and marketing. The site is mobile-optimized, accessible, and employs a robust cookie consent mechanism compliant with GDPR standards. Performance is moderate with good SEO and accessibility practices. From a security perspective, the site enforces HTTPS and uses session cookies appropriately. However, it lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms, which are recommended for enhanced trust and compliance. No critical vulnerabilities or suspicious content were detected. Overall, the website demonstrates a strong business credibility and privacy compliance posture, with room for improvement in formal security documentation and incident readiness. The domain registration data aligns with the business location and sector, supporting legitimacy. Strategic recommendations include publishing security policies, adding vulnerability disclosure, and enhancing security headers to further strengthen the security posture.

W

WeselMarketing GmbH

wesel-tourismus.de

69

WeselTourismus.de is the official tourism website for the city of Wesel, Germany, managed by WeselMarketing GmbH. The site provides comprehensive information about local culture, nature, events, and travel planning, targeting tourists and local visitors. It features a professional design with clear navigation and multilingual support (German, English, Dutch). The website uses Drupal CMS and integrates Google Tag Manager for analytics and marketing purposes. Cookie consent mechanisms are implemented in compliance with GDPR. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Contact information is clearly provided, including phone, email, and physical addresses. No terms of service or explicit security policies were found. Overall, the site is trustworthy, well-maintained, and serves as a reliable resource for tourism in Wesel.

KRZN – Kommunales Rechenzentrum Niederrhein is a large, well-established municipal IT service provider in Germany, founded in 1971. It serves 46 local government administrations with over 18,000 IT workstations supported by more than 500 employees across two main locations. The organization offers a broad portfolio of IT solutions tailored for public sector needs, including web conferencing systems with official certifications. Technically, the website is built on Drupal CMS, hosted likely by Deutsche Telekom, and uses eTracker for analytics. The site is well-structured, mobile-optimized, and professionally designed, reflecting a mature digital presence. Security posture is solid with HTTPS and no evident vulnerabilities, though explicit security headers and incident response policies are absent. Privacy compliance is partially met with a comprehensive privacy policy but lacks a cookie consent mechanism. Overall, the domain registration data aligns well with the business profile, indicating high legitimacy and trustworthiness.

B

Berufsverband der Mitarbeitenden im Pfarrbüro im Bistum Münster (BVMiP)

bvmip-muenster.de

58

The Berufsverband der Mitarbeitenden im Pfarrbüro im Bistum Münster (BVMiP) is a non-profit professional association dedicated to supporting church office staff within the Münster diocese. The website serves as an information hub for members, providing details about the board, professional roles, upcoming events, and training opportunities. Membership is free for eligible church office employees, emphasizing community and professional development. The association holds regular meetings and participates in national gatherings, highlighting its active role in the sector. Technically, the website is built on the Jimdo Creator CMS platform, leveraging Jimdo's hosting and static asset infrastructure. The site employs standard web technologies including JavaScript and CSS, with moderate performance and good mobile responsiveness. SEO and accessibility features are basic but functional. Cookie consent mechanisms are implemented, reflecting attention to privacy compliance. From a security perspective, the site uses HTTPS with good SSL configuration but lacks advanced security headers and explicit incident response contacts. No vulnerabilities or exposed sensitive data were detected. Privacy and cookie policies are present and accessible, supporting GDPR compliance. The WHOIS data aligns with the hosting provider and domain purpose, indicating legitimacy. Overall, the website is a trustworthy, well-maintained resource for its niche audience, with room for improvement in security hardening and expanded contact information to enhance trust and compliance.

B

Bistum Münster

stellenmarkt-bistum-muenster.de

43

The website 'Kirchentalente' serves as the official job market platform for the Diocese of Münster, Germany. It provides a specialized employment portal focusing on church-related and social sector jobs within the Münster region. The platform offers job listings, search and filtering capabilities, and employer information, targeting job seekers interested in meaningful roles within the Catholic Church and affiliated organizations. The business model is non-profit and community-focused, supporting recruitment efforts for the Diocese and its partners. Technically, the site is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript, CSS, and FontAwesome icons. It integrates Matomo analytics for visitor tracking and CCM19 for cookie consent management, demonstrating a commitment to privacy compliance. The site is hosted on servers indicated by the nameservers, likely associated with Your-Server.de and related providers. Performance and mobile optimization are good, with a clear navigation structure and professional design. From a security perspective, the website enforces HTTPS and includes a cookie consent mechanism aligned with GDPR requirements. While no explicit security headers were detected in the HTML, the site shows no signs of exposed sensitive data or vulnerable libraries. However, there is room for improvement by implementing additional security headers and publishing a security policy or incident response contact. No vulnerability disclosure or security.txt file was found. Overall, the website is trustworthy, professional, and well-aligned with its mission. It maintains good privacy practices and provides clear contact information. The domain registration is consistent with the Diocese of Münster, enhancing legitimacy. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility features to further strengthen the site's security posture and compliance.

B

Bistum Münster

kirchentalente.de

43

The website 'Kirchentalente' serves as the official job market portal for the Diocese of Münster, Germany. It provides a platform for job seekers to find employment opportunities primarily within church-related and social service sectors in the Münster region. The site is professionally designed and maintained, leveraging TYPO3 CMS and modern web technologies. It offers categorized job listings, search by location, and additional career-related content, targeting individuals interested in meaningful employment within the Catholic Church community. The platform is positioned as a regional niche service with strong ties to its parent organization, the Diocese of Münster. Technically, the website employs a mature infrastructure with TYPO3 CMS, JavaScript, CSS, and FontAwesome for UI elements. It integrates Matomo Analytics for visitor tracking and CCM19 for cookie consent management, reflecting compliance with GDPR requirements. The site is mobile-optimized and demonstrates good SEO practices, although accessibility features could be enhanced. Hosting appears stable with dedicated nameservers. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms. While explicit security headers like Content-Security-Policy are not evident, no critical vulnerabilities or exposed sensitive data were detected. The absence of a published security policy or incident response contact is noted but not uncommon for this type of non-profit organizational site. Overall, the security posture is solid but could benefit from additional hardening. The overall risk assessment is low, with the site demonstrating high trustworthiness, GDPR compliance, and professional content quality. Strategic recommendations include enhancing security headers, publishing security policies, and improving accessibility. The site is suitable for its intended audience and business purpose, with no indications of malicious or inappropriate content.

N

NewDefinition GmbH

nd-alumni.de

51

NewDefinition GmbH operates NDAlumni, a comprehensive alumni management system tailored for universities, alumni associations, and companies primarily in German-speaking countries. The platform offers an integrated SaaS solution covering website CMS, communication, community engagement, event and member management, and financial processing. The company positions itself as a customer-focused provider with transparent pricing and strong service support, targeting small to medium-sized alumni organizations. Technically, the website is well-structured, mobile-optimized, and uses modern web technologies with ISO-certified hosting and SSL encryption. Security practices align with GDPR and German data protection laws, though some improvements in security headers and cookie consent are recommended. Overall, the website is professional, trustworthy, and content-rich, supporting a strong market presence in the alumni management niche.

S

sofatutor GmbH

sofatutor.com

70

sofatutor.com is a well-established German online learning platform offering a comprehensive suite of educational resources including thousands of videos, exercises, vocabulary trainers, worksheets, and a homework chat service staffed by qualified teachers. The platform targets students from grades 1 through 13, providing engaging and interactive learning experiences designed to improve academic performance. The business model is subscription-based with a free trial period, supported by strong trust signals such as multiple awards and high user ratings. Technically, the site employs modern web technologies including Ruby on Rails, video.js, and various analytics and marketing tools, all integrated with user consent mechanisms to comply with privacy regulations. Security posture is strong with HTTPS, CSRF protection, and script integrity checks, though explicit security policies and incident response information are not publicly disclosed. Overall, the site demonstrates a high level of professionalism, usability, and compliance, though the absence of WHOIS data slightly reduces transparency.

T

Thomas-Krenn.AG

thomas-krenn.com

52

Thomas-Krenn.AG is a European-based technology company specializing in customized server and IT system solutions for professional applications. The company offers a wide range of products including rack servers, tower systems, workstations, industrial systems, and storage solutions, targeting businesses and IT professionals. Their business model focuses on B2B e-commerce combined with personalized consulting and support services, positioning them as a trusted provider in the server hardware market. The website reflects a mature digital presence with comprehensive product information, clear navigation, and professional design. Technically, the website employs modern web technologies such as Handlebars.js for templating, SwiperJS for sliders, and Salesforce Live Agent for live chat support. The site is mobile-optimized, accessible, and SEO-friendly, indicating a well-maintained technical infrastructure. Security measures include HTTPS enforcement, CSRF tokens in forms, and inferred security headers, contributing to a strong security posture. However, explicit security policies and incident response information are not published, representing an area for improvement. The WHOIS data is notably absent or inaccessible, which raises some concerns about domain registration transparency. Despite this, the website's professional content, detailed legal pages, and active customer support channels suggest legitimate business operations. No WAF or blocking mechanisms were detected, and the site is fully accessible. Overall, Thomas-Krenn.AG demonstrates a solid business and technical foundation with good security practices. Strategic recommendations include publishing explicit security and incident response policies, implementing a vulnerability disclosure program, and improving domain registration transparency to enhance trust and compliance.

S

Synology Inc.

quickconnect.to

59

Synology Inc. operates the QuickConnect service, enabling users to remotely access their Synology NAS devices without complex network configurations. Positioned as a leading technology provider in network-attached storage solutions, Synology targets both individual and enterprise NAS users globally. The website content is professional and focused on delivering clear information about the QuickConnect service, supporting Synology's market position as a trusted NAS provider. Technically, the website employs modern web technologies, likely React-based, with JavaScript and CSS bundles. It is mobile-optimized and includes cookie consent mechanisms, reflecting a mature digital infrastructure. Google Analytics is used for user behavior tracking, with privacy policies in place that indicate GDPR compliance. Performance is moderate, with room for improvement in accessibility and SEO. From a security perspective, the site enforces HTTPS and input validation on user inputs. However, explicit security headers are not detected, and no public security or incident response policies are published on this page. The WHOIS data confirms the domain's legitimacy, registered directly to Synology Inc., with no privacy protection, enhancing trust. Overall, the website presents a low-risk profile with strong business credibility and good privacy compliance. Strategic improvements could include publishing detailed security policies, adding security headers, and implementing a security.txt file to enhance vulnerability disclosure transparency.

P

Perfalytics, Inc.

perfalytics.com

64

Freshpaint is a healthcare-focused privacy platform designed to help healthcare marketers and organizations manage their data in compliance with HIPAA regulations. The company offers a suite of services including a BAA-supported platform, safe-by-default data blocking, complete visitor journey tracking, and secure server-side connections to ensure sensitive health information is never shared with non-compliant advertising and analytics tools. Positioned as a specialized SaaS provider, Freshpaint targets healthcare marketers seeking to balance high-performance marketing with stringent privacy requirements. The website reflects a professional and consistent brand image, emphasizing trust and compliance.

T

Turun yliopistollinen keskussairaala – Tyks

tyks.fi

57

Turun yliopistollinen keskussairaala (Tyks) is a major university hospital in Finland providing specialized healthcare services to the Varsinais-Suomi region. The website serves as an information portal for patients, relatives, and healthcare professionals, offering comprehensive details about treatments, hospital locations, and online services such as appointment booking. The site is well-structured, professionally designed, and uses Drupal 10 as its content management system, reflecting a mature digital infrastructure. Technical implementation includes modern web standards, mobile optimization, and accessibility features, ensuring a good user experience across devices. Security posture is strong with HTTPS enforcement and security headers, although explicit security policies and incident response information are not publicly detailed. Privacy compliance is evident through a cookie consent mechanism and a comprehensive privacy policy, aligning with GDPR requirements. WHOIS data confirms the legitimacy of the domain, matching the healthcare entity's identity and showing no suspicious patterns. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance appropriate for a public healthcare institution.

I

ista SE

ista.com

65

ista SE is a leading energy service provider specializing in solutions that increase energy efficiency in buildings. The company offers digital products and services that help reduce CO2 emissions and make buildings safer and more comfortable. With over 6,300 employees across 20 countries and a customer base exceeding 460,000, ista SE holds a strong market position in the energy sector. Their 2024 sales reached EUR 1,220 million, reflecting a significant footprint in the industry. The website demonstrates a mature digital presence built on TYPO3 CMS, integrating modern technologies such as Google Tag Manager and Usercentrics for consent management. The site is well-optimized for mobile and accessibility, with clear navigation and professional design. Security posture is solid with HTTPS enforced and privacy compliance mechanisms in place, though some security headers are not explicitly detected. The absence of WHOIS registration data is a notable anomaly but does not detract from the overall legitimacy indicated by the corporate content and executive profiles. Strategic recommendations include enhancing security headers, publishing a security.txt file, and providing explicit incident response contacts to further strengthen trust and compliance.

The website corkspirit.com is currently an expired domain parked by GoDaddy.com, LLC. The page serves as a placeholder offering the domain for resale and contains no active business content or services. The primary audience is domain buyers or investors interested in acquiring the domain. The site includes basic privacy and cookie policy links and integrates advertising and consent management scripts from Google Adsense, TrustArc, and Trustpilot. The technical infrastructure is minimal, relying on GoDaddy's parking platform with React-based frontend elements and external widgets. Security posture is limited, with no visible HTTPS enforcement or security headers, and DNSSEC is not enabled. Overall, the site presents low business credibility and minimal content quality, reflecting its parked status rather than an operational business website.

P

Portugal Empreende 4.0

ptempreende40.pt

50

Portugal Empreende 4.0 is a Portuguese business ecosystem platform focused on Industry 4.0 entrepreneurship. The website serves as a hub for businesses and entrepreneurs interested in the digital transformation and industrial innovation within Portugal. The platform positions itself as a niche player supporting Industry 4.0 initiatives, targeting Portuguese companies and stakeholders in manufacturing and technology sectors. The website content is professionally presented with a consistent brand identity and good user experience, although it lacks explicit contact and policy information. Technically, the site uses standard web technologies including HTML5, CSS3, and JavaScript with Google Fonts and icon libraries, delivering moderate performance and good mobile optimization. Security posture is limited due to missing security headers and absence of privacy or cookie policies, which impacts compliance with GDPR and best practices. No incident response or vulnerability disclosure information is provided. WHOIS data confirms the domain is registered since 2019 with consistent registrant information matching the website's Portuguese business focus, supporting legitimacy. Overall, the site is functional and professional but would benefit from enhanced security and privacy compliance measures.

K

Mapa kriminality v Benešově – MěP Benešov

kriminalita-city.cz

53

The website www.kriminalita-city.cz serves as an official municipal crime mapping and public safety information portal for the city of Benešov, Czech Republic. It provides residents and visitors with an interactive map detailing various categories of offenses and municipal police activities. The site is built on WordPress and leverages modern JavaScript libraries such as Leaflet for mapping. While the site is functional and provides relevant local information, it lacks critical compliance elements such as privacy and cookie policies, and no contact information is readily available. The absence of WHOIS data for the domain raises concerns about domain legitimacy, although the content and linked municipal domains suggest official use. Security posture is moderate with HTTPS enabled but missing security headers and policies. Overall, the site is a useful public service tool but requires improvements in compliance and security transparency.

M

Město Benešov

ssob.info

47

The website ssob.info serves as the official social services portal for the Benešov district in the Czech Republic. It provides comprehensive information on social service catalogs, community planning, family policies, crisis lines, and institutional contacts. The site targets local residents and social service users, operating as a government public service platform. The presence of ISO 9001 certification and official city links reinforces its credibility and trustworthiness. Technically, the site is built on the vismo CMS platform, employs standard web technologies including HTML5, CSS, and JavaScript, and integrates Google Translate for multilingual support. The website demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate.

F

Forest Resort

forestresort.cz

62

Forest Resort is a small luxury hospitality business located in the Czech Moravian Highlands, offering four-star accommodation, dining, conference facilities, and event hosting. The website is professionally designed with a strong focus on user experience and clear navigation, supporting the resort's market positioning as a niche luxury destination. Technically, the site uses modern JavaScript libraries and integrates a third-party booking system, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and incident response information. WHOIS data is missing, which slightly reduces trustworthiness but the overall digital presence and content quality support legitimacy. Privacy compliance is basic with GDPR and terms documents available. Recommendations include enhancing security headers, adding incident response contacts, and publishing a vulnerability disclosure policy.

L

Technologie recyklace pro maximální udržitelnost | Lavaris

lavaris.eu

56

The website www.lavaris.eu is hosted on the Wix platform and appears to be a business-oriented site with multilingual support for Czech and English. The site uses modern web technologies including JavaScript, Google Tag Manager for analytics, and Sentry for error monitoring. However, the visible content is minimal and lacks detailed business descriptions, contact information, or compliance policies. The domain WHOIS data is not publicly available due to EURid privacy restrictions for .eu domains, which is typical but limits trust verification. Security posture is basic with no visible security headers or policies, and privacy compliance is low due to missing privacy and cookie policies. Overall, the site is accessible without WAF or blocking mechanisms but requires improvements in transparency and security practices.

P

PROGLAS

proglas.cz

55

PROGLAS is a non-profit, non-commercial Christian radio station based in the Czech Republic, targeting informed families and the Christian community. The website serves as a digital platform for broadcasting, audio archives, news, and cultural programming, supported primarily through listener donations and fundraising campaigns. The station emphasizes a family-friendly and faith-based approach without advertising interruptions. Technically, the website is built on the Vizus CMS platform, utilizing modern web technologies including HTML5, CSS3, JavaScript, and integrates Google Tag Manager for analytics and marketing. The site is mobile-optimized with good navigation and content quality, though accessibility features could be improved. Performance is moderate, with a clean and professional design. Security-wise, the site enforces HTTPS and implements a comprehensive cookie consent mechanism aligned with GDPR requirements. However, it lacks visible security headers and a published security policy or incident response contact. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data reduces trust slightly but may be due to registry privacy policies. Overall, PROGLAS presents a trustworthy and professional online presence for a niche non-profit media entity. Strategic improvements in privacy policy visibility, security headers, and WHOIS transparency would enhance its security posture and compliance standing.

Dev.java is an official Oracle-backed platform dedicated to Java developers, offering a comprehensive suite of tutorials, news, videos, downloads, and community resources. The website serves as a central hub for Java programming education and engagement, targeting developers globally. The platform benefits from Oracle's strong market position and branding, reinforcing its credibility and trustworthiness in the technology sector. Technically, the site employs modern web technologies including Bootstrap, Algolia search, and privacy-conscious analytics, hosted on Oracle Cloud infrastructure, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS enforced and domain protections in place, though improvements such as DNSSEC and enhanced security headers could further strengthen defenses. Privacy compliance is well addressed through links to Oracle's comprehensive privacy and terms policies, though explicit cookie consent mechanisms are absent. Overall, the site presents a professional, trustworthy, and content-rich experience for its audience.

S

Sentobib.

sentobib.eu

56

Sentobib.eu is a small-scale website hosted on the Wix platform, with minimal content and no visible business descriptive information or contact details. The site uses HTTPS and standard Wix technologies but lacks advanced security headers and privacy compliance documentation. The domain WHOIS data is unavailable due to EURid privacy restrictions, limiting trust and legitimacy assessment. Overall, the website appears to be a basic placeholder or under development with limited business presence and digital maturity.

V

Verbund der Öffentlichen Bibliotheken Berlins

voebb.de

61

The Verbund der Öffentlichen Bibliotheken Berlins (VÖBB) operates as the central public library network in Berlin, providing access to over 80 libraries including mobile and school libraries, alongside extensive digital offerings. The website serves as a portal for catalog search, event information, and user account management, targeting Berlin residents and library users. The business model is public service funded primarily through membership fees and public funding, positioning VÖBB as a key cultural and educational institution in the region. Technically, the site is built on a custom aDIS library management system with JavaScript and CSS, hosted likely by Berlin city administration infrastructure. The site is well-structured, mobile-optimized, and accessible, with professional design and clear navigation. Security posture is solid with HTTPS enforced and session management features, though it lacks some modern security headers and explicit incident response policies. Privacy compliance is good with a comprehensive privacy policy, but no visible cookie consent mechanism is present. Overall, the site is trustworthy, professional, and serves its public mission effectively.

The website stech.cz is currently a parked domain with minimal content indicating that the domain is for sale. There is no active business presence or detailed company information on the site. The domain was registered in late 2019 and uses parking name servers, consistent with a domain resale or parking business model. The site lacks privacy policies, contact information, and any substantive content, which limits its utility and trustworthiness. Technically, the site uses basic HTML, CSS, and JavaScript with multiple external ad and tracking scripts from third-party domains. There is no evidence of HTTPS or security headers, which poses security risks. Overall, the site is low in professionalism and business credibility, serving primarily as a placeholder for domain sale.

E

Elektrika.cz, spol. s r.o.

elektrika.cz

43

Elektrika.cz is a well-established Czech online portal specializing in electrical installation technology, regulations, and wiring diagrams. Founded in 1998, it serves a professional audience including electricians, inspectors, and designers by providing technical articles, industry news, training events, and a marketplace for electrical equipment. The site leverages the Plone CMS platform and integrates advertising through Revive Adserver, alongside Google Analytics for visitor insights. It maintains GDPR compliance with a privacy policy and cookie consent mechanisms, though lacks explicit security or incident response policies. Contact details including email and phone are clearly presented, supporting business credibility. Overall, Elektrika.cz demonstrates a mature digital presence with consistent branding and quality content tailored to the energy sector in the Czech Republic.

E

Elektrika.info

elektrika.tv

41

Elektrika.TV is a Czech multimedia platform specializing in electrotechnical videocasts and related industry content. It serves professionals and enthusiasts in electrical engineering by providing live streaming, archived videos, and related legislative and discussion resources. The platform is part of a broader ecosystem under Elektrika.info, targeting a niche market with a focus on quality technical content. The website uses Plone CMS and integrates video streaming technologies such as Video.js and Flowplayer. While the site is functional and well-structured, some technical components like the outdated jQuery version and lack of DNSSEC indicate areas for improvement. Security posture is moderate with HTTPS enabled and cookie consent implemented, but missing advanced security headers and modern JavaScript libraries pose potential risks. The domain is long-established and registered in the Czech Republic with privacy protection, consistent with the business profile. Overall, Elektrika.TV presents a trustworthy and professional media service with room for technical and security enhancements.

I

iwa

iwa.info

72

IWA OutdoorClassics is a globally recognized trade exhibition specializing in the hunting, target sports, and outdoor industry. The event serves as a premier platform for manufacturers, retailers, distributors, and media to showcase new products, network, and explore market trends. The website reflects a professional and well-structured digital presence, emphasizing event details, exhibitor information, and industry insights. Technically, the site leverages modern web technologies including React and Next.js, hosted likely on infrastructure associated with NürnbergMesse GmbH, the event organizer. Security posture is strong with HTTPS enforcement, security headers, and GDPR-compliant cookie consent mechanisms. However, the absence of a public security policy or incident response contact is noted. Overall, the site is trustworthy, well-maintained, and serves its business purpose effectively.

G

GYMIFY

gymify.app

53

GYMIFY is a fitness software platform targeting gym operators and fitness businesses, providing tools for fitness management. The website analyzed is primarily a login page with minimal content, built using modern JavaScript frameworks such as Vue.js and Nuxt.js, and styled with Vuetify. The technical infrastructure indicates a moderate level of digital maturity with good mobile optimization but lacks comprehensive SEO and accessibility features. Security posture is weak due to absence of security headers, privacy policies, and incident response information. No WAF or blocking mechanisms were detected, and the domain registration data aligns well with the business claims, indicating legitimacy. Overall, the website is functional but requires improvements in security, privacy compliance, and business transparency to enhance trust and user confidence.

T

Tereza Buchalová – fotograf

terezabuchalova.cz

58

The website www.terezabuchalova.cz represents a small local photography business based in the Czech Republic, specializing in portrait and lifestyle photography. The site offers services including studio rental and photography workshops, targeting a general audience primarily in the Pardubice region. The business model is service-oriented with a focus on personal photography sessions and educational offerings. The website is professionally designed with consistent branding and clear navigation, supporting a positive user experience.

D

DARRÉ

darre.cz

55

Darré is a Czech-based e-commerce retailer specializing in high-quality bedding, bed linens, home textiles, and related accessories. The website targets Czech and Slovak customers, offering a broad product range with clear navigation and professional branding. The business operates on the Shoptet platform, leveraging modern web technologies and personalization tools to enhance user experience. The company maintains a strong online presence with comprehensive privacy and cookie policies, ensuring GDPR compliance and user consent management. However, the absence of publicly available WHOIS data limits transparency regarding domain ownership. The website employs HTTPS with good security headers and secure forms, reflecting a solid security posture. While no explicit security policy or incident response information is published, the site demonstrates good privacy compliance and business credibility.

S

Senior Point Zlín

senior-point-zlin.cz

57

Senior Point Zlín is a community-focused service providing a friendly contact point for seniors in the city of Zlín, Czech Republic. The website serves as an informational portal offering details about services, events, and leisure activities tailored for senior citizens. The organization appears to be a small, local non-profit or government-supported entity dedicated to senior welfare. Technically, the website is built on the Webnode CMS platform, hosted via AWS Cloudfront CDN, and uses modern web technologies including JavaScript and CSS. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site enforces HTTPS and includes a cookie consent mechanism, but lacks advanced security headers and a privacy policy page, which are important for GDPR compliance. The absence of WHOIS data for the domain raises some concerns about domain registration transparency, although the website content and hosting appear legitimate. Overall, the site is functional and trustworthy for its intended audience but would benefit from improved privacy and security practices.

C

Centrum pro rodinu a sociální péči

familypoint.cz

44

FAMILY POINT místo pro rodinu® is a Czech non-profit organization providing family-friendly public spaces and services to support childcare and family life. Established in 2009, it operates a network of Family Points offering practical childcare facilities, information, and community events. The website reflects a well-maintained digital presence with clear branding and comprehensive content aimed at families and local communities. Technically, the site is built on WordPress with modern plugins and themes, offering good mobile responsiveness and user experience. Security posture is solid with HTTPS enforcement and cookie consent compliance, though some security headers could be improved. Overall, the site is trustworthy, compliant with GDPR, and professionally managed.